Senior Cloud Security Engineer responsible for hands-on remediation of cloud and infrastructure vulnerabilities, operating vulnerability and CSPM tooling, enforcing secure configurations across Azure environments, embedding security in CI/CD and IaC, supporting compliance/audits and reporting, mentoring engineers, and partnering with cross-functional teams to maintain cloud security posture and policy.
Join Us!
Take the next step in your journey at Inspira Financial. Guided by our mission to enable better health and greater wealth, we help businesses and individuals thrive today, tomorrow, and into retirement by strengthening and simplifying the health and wealth journey.
Our values shape how we show up every day. We Lead with Heart by acting with compassion, empathy, and doing what's right; Cultivate Trust through integrity, transparency, and accountability; Aim Higher by never settling for what's expected and continually raising the standard; and Win Together by collaborating inclusively to achieve the best outcomes.
Join us on our journey as we work together to take on the complex and the everyday--turning collective effort into life-changing impact that enriches lives and helps build a better future. Learn more at inspirafinancial.com.
We believe in finding the best talent! While some roles are based at one of our office locations, remote roles can sit in any of the following states: AL, AZ, FL, GA, IA, IL, IN, MI, MN, MO, NC, NE, PA, SC, TN, TX, UT, VA and WV. Remote status and role locations are subject to change. Relocation is not provided.
Employees within a 90-minute radius of our Oak Brook, IL headquarters are required to adhere to the company in-office work guidelines of 4 days per month minimum from 10 am to 2 pm (1 of the 4 days must be a Monday or Friday). This requirement does not apply to support specialist positions.
Don't meet every single requirement? That's okay. At Inspira Financial, we know growth comes from people who are willing to learn, challenge themselves, and aim higher. We value individuals who lead with heart, cultivate trust, and collaborate to win together. If you're energized by meaningful work, continuous development, and being part of a team that turns collective effort into real impact, Inspira Financial could be the right next step in your journey. We look forward to receiving your application.
Inspira Financial provides health, wealth, retirement, and benefits solutions that strengthen and simplify the health and wealth journey. With more than 7 million clients, representing over $62 billion in assets, Inspira works with thousands of employers, plan sponsors, recordkeepers, TPAs, and other institutional partners -- helping the people they care about plan, save, and invest for a brighter future. Inspira relentlessly pursues better outcomes for all with our automatic rollover services, health savings accounts, emergency savings funds, custody services, and more. Learn more at inspirafinancial.com .
We have been recognized for our remarkable growth on lists such as Crain's Fast 50 and Inc. 5000, and for our outstanding workplace culture and benefits with Built In's 2025 Best Places to Work and Gallagher's 2022 Best-In-Class Employer awards.
Job Summary & Responsibilities
The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum - Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams.
Duties & Responsibilities:
Vulnerability Remediation & Security Operations
Compliance, Policy & Reporting
CI/CD Pipeline & Infrastructure Security
Technical Leadership & Mentorship
Cross-Team Collaboration
Additional Requirements:
As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.
Preferred Qualifications
Education & Experience
Skills & Abilities
Hands-on experience or significant exposure to the following services and concepts:
Cloud Platform - Azure
Security Tooling
Network & Perimeter Security
Frameworks & Compliance
Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on:
Compensation & Benefits
$125,000- $155,000 per year
Take the next step in your journey at Inspira Financial. Guided by our mission to enable better health and greater wealth, we help businesses and individuals thrive today, tomorrow, and into retirement by strengthening and simplifying the health and wealth journey.
Our values shape how we show up every day. We Lead with Heart by acting with compassion, empathy, and doing what's right; Cultivate Trust through integrity, transparency, and accountability; Aim Higher by never settling for what's expected and continually raising the standard; and Win Together by collaborating inclusively to achieve the best outcomes.
Join us on our journey as we work together to take on the complex and the everyday--turning collective effort into life-changing impact that enriches lives and helps build a better future. Learn more at inspirafinancial.com.
We believe in finding the best talent! While some roles are based at one of our office locations, remote roles can sit in any of the following states: AL, AZ, FL, GA, IA, IL, IN, MI, MN, MO, NC, NE, PA, SC, TN, TX, UT, VA and WV. Remote status and role locations are subject to change. Relocation is not provided.
Employees within a 90-minute radius of our Oak Brook, IL headquarters are required to adhere to the company in-office work guidelines of 4 days per month minimum from 10 am to 2 pm (1 of the 4 days must be a Monday or Friday). This requirement does not apply to support specialist positions.
Don't meet every single requirement? That's okay. At Inspira Financial, we know growth comes from people who are willing to learn, challenge themselves, and aim higher. We value individuals who lead with heart, cultivate trust, and collaborate to win together. If you're energized by meaningful work, continuous development, and being part of a team that turns collective effort into real impact, Inspira Financial could be the right next step in your journey. We look forward to receiving your application.
Inspira Financial provides health, wealth, retirement, and benefits solutions that strengthen and simplify the health and wealth journey. With more than 7 million clients, representing over $62 billion in assets, Inspira works with thousands of employers, plan sponsors, recordkeepers, TPAs, and other institutional partners -- helping the people they care about plan, save, and invest for a brighter future. Inspira relentlessly pursues better outcomes for all with our automatic rollover services, health savings accounts, emergency savings funds, custody services, and more. Learn more at inspirafinancial.com .
We have been recognized for our remarkable growth on lists such as Crain's Fast 50 and Inc. 5000, and for our outstanding workplace culture and benefits with Built In's 2025 Best Places to Work and Gallagher's 2022 Best-In-Class Employer awards.
Job Summary & Responsibilities
The Sr. Cloud Security Engineer (Sr. CSE) is a hybrid cloud and security engineering role responsible for the hands-on remediation of infrastructure and cloud vulnerabilities, ensuring cloud and infrastructure resources maintain compliance with established policies and Minimum - Security Baselines (MSBs), and reporting the organization's current compliance posture. The Sr. CSE will partner with the Security team to define, author, and maintain cloud security policies - keeping pace with evolving industry trends and regulatory requirements. This role will also actively participate in audit activities, including evidence gathering, reporting, and cross-functional collaboration with Compliance, Legal, and IT teams.
Duties & Responsibilities:
Vulnerability Remediation & Security Operations
- Perform hands-on remediation of infrastructure and cloud vulnerabilities, driving issues to closure within established SLAs and policy requirements
- Operate and administer vulnerability management and cloud security posture management (CSPM/DSPM) tooling - managing scan coverage, remediating findings, and reporting on SLA adherence
- Identify , prioritize, and remediate cloud misconfigurations and security posture gaps across the organization's Azure subscriptions and infrastructure
- Implement and validate security controls across cloud-native services, IaaS, PaaS, and container-based workloads
- Maintain and enforce secure configurations across firewalls, network security components, application delivery infrastructure, and compute platforms in partnership with the Security Team
- When needed, assist with privileged credential hygiene, certificate lifecycle, and secrets governance across the environment
- Support the hardening of Windows and Linux server environments through configuration management and compliance-as-code practices
- Maintain awareness of known and emerging vulnerabilities across the full technology stack - cloud services, OS platforms, network components, and application runtimes
Compliance, Policy & Reporting
- Monitor and report the organization's compliance posture against established security policies, baselines, and regulatory frameworks
- Partner with the Security team to define, author, and maintain cloud and infrastructure security policies - keeping pace with evolving industry trends and regulatory requirements
- Review and update existing policies on a regular cadence to reflect changes in the cloud environment and threat landscape
- Produce accurate , timely compliance posture reports for leadership - covering baseline adherence, vulnerability SLA performance, and remediation progress
- Coordinate and assist in evidence collection and audit maintenance for internal and external organizational assessments, including regulatory audits and third-party risk reviews
- Respond to findings from audits, security questionnaires, and internal/external scanning or penetration testing
CI/CD Pipeline & Infrastructure Security
- Partner with Software E ngineering and App Security teams to embed security into CI/CD pipelines and deployment workflows - including secret scanning, least-privilege deployment identities, and secrets management integration
- Review and advise on Infrastructure-as-Code ( IaC ) implementations from a security perspective, ensuring patterns align with security baselines and organizational standards
- Support secure configuration management across server and cloud environments
- Ensure PKI and certificate management practices are maintained across the environment - including TLS/SSL lifecycle, renewal processes, and certificate inventory
Technical Leadership & Mentorship
- Serve as an informal technical leader and security subject matter expert across Cloud Engineering, Platform Engineering, and adjacent teams
- Mentor engineers on security best practices, secure design patterns, and compliance requirements - elevating security competency across the department without direct people management responsibilities
- Contribute to architecture and design reviews, providing a security lens on cloud platform decisions in partnership with the Cloud Architect
Cross-Team Collaboration
- Cloud Engineering & Platform Engineering - consult on secure architecture, container platform hardening, network segmentation, and pipeline security practices
- Identity & Access Management (IAM) - partner on identity governance, privileged access management, and access control policy enforcement
- Incident Response / Vulnerability Management - collaborate with the Security Detection & Response team on vulnerability prioritization, SLA tracking, remediation coordination, and incident response activities
- Audits & Assessments - provide technical support for evidence gathering, compliance posture reporting, and audit response
- Application Development Teams - consult on security requirements for cloud-native application platforms, ensuring developer environments are built securely from the ground up
Additional Requirements:
As part of the evaluation process, candidates who progress beyond the initial screening will be required to complete a formal technical assessment to validate coding proficiency and technical competency.
Preferred Qualifications
Education & Experience
- 10+ years of experience in cloud engineering, infrastructure, or security engineering - with demonstrated hands-on security work, not just advisory
- Bachelor's Degree in Computer Science , Software/Computing Engineering, Information Security, or related field - or equivalent experience
- Technical certifications preferred: AZ-500, SC-100, SC-200, AZ-104, or equivalent cloud/security certifications
- Experience working in regulated industries (Financial Services, Insurance, or Health-Tech preferred)
- Familiarity with compliance frameworks: NIST, HIPAA, PCI and Minimum Security Baselines (MSBs)
Skills & Abilities
Hands-on experience or significant exposure to the following services and concepts:
Cloud Platform - Azure
- Networking & Security: Virtual Networks (VNETs) and peering, NSGs, UDRs, Private Endpoints, Azure Firewall, Application Gateways (including WAF - OWASP ruleset configuration, Detection vs. Prevention mode), ExpressRoute, VPN Gateways, and Azure Bastion
- Compute & Containers: Virtual Machines, VM Scale Sets, AKS (Kubernetes), and Container App Environments - including cluster hardening, network policy enforcement, workload identity, and Azure Policy for Kubernetes
- Identity & Access: Active Directory (on-prem, hybrid Entra Connect sync), Microsoft Entra ID, Privileged Identity Management (PIM), Conditional Access policy design and enforcement, Azure RBAC (including custom role design), and Entra ID Protection
- Security & Compliance Tooling: Microsoft Sentinel, Microsoft Defender for Cloud (Defender for Containers, Defender for Servers, Defender CSPM), and Azure Policy
- Monitoring & Observability: Azure Monitor - KQL, alert rule configuration, log-based queries, and action group integrations; familiarity with Log Analytics Workspace architecture and log ingestion patterns at scale
- Secrets & Certificates: Azure Key Vault and Key Vault CSI Secrets Store driver for AKS
- Storage & Recovery: Storage Accounts, Backup Vault, and Azure Site Recovery
- Virtual Desktop: Azure Virtual Desktop (AVD)
Security Tooling
- Rapid7 - vulnerability management and scanning ( InsightVM or InsightIDR ); scan configuration, reporting, and SLA tracking
- Wiz and/or Orca Security - CSPM/DSPM platform experience; cloud misconfiguration identification, prioritization, and remediation workflows
- Microsoft Sentinel - SIEM administration, analytics rule management, and data connector configuration; familiarity with security log feeds from edge and email security platforms preferred
- Microsoft Defender for Cloud - Defender plans (Servers, Containers, CSPM), agentless scanning, and security recommendation management
- Datadog - log management, infrastructure monitoring, and security-adjacent alerting
- Identity, Access & Privileged Access Management
- Delinea Secret Server (Thycotic) - PAM administration, privileged credential vault management, and access policy configuration
- Active Directory + Entra ID - hybrid identity, Entra Connect sync, group policy (GPO), DNS, and DHCP administration
- Conditional Access, PIM, and RBAC - policy design, enforcement, and least-privilege access models at enterprise scale
- Microsoft Intune - device compliance enforcement as part of a Zero Trust security posture
- Certificate Management - PKI, TLS/SSL lifecycle management, certificate inventory, and renewal processes
Network & Perimeter Security
- Cloudflare (Enterprise) - CDN, WAF, DDoS protection, and DNS proxy configuration and management
- Network routing and VPN - hub-and-spoke topology, route tables, ExpressRoute, and VPN Gateway
- Cisco ASAv - virtual firewall configuration and management
- DNS, DHCP, and Group Policy - enterprise-scale administration in hybrid environments
- DevOps, IaC & Pipeline Security
- Azure DevOps (ADO) - CI/CD pipeline security, build agent management, and secure pipeline design
- GitHub / GitLab - source control security, branch protection, secret scanning, and pipeline hardening
- Infrastructure-as-Code ( IaC ) - Terraform, ARM templates, or Bicep - with a security-first approach to cloud deployments
- CHEF - configuration management and compliance-as-code for server fleet hardening and baseline enforcement
- Endpoint & Server Platforms
- Windows Server - administration, hardening, security baseline enforcement, and Group Policy management
- Linux Server - administration, hardening, and security baseline enforcement across enterprise server fleets
- Microsoft 365 Suite - Exchange, SharePoint, Teams, and Intune - security configuration and administration
Frameworks & Compliance
- Familiarity with NIST, HIPAA, and organizational Minimum Security Baselines (MSBs)
- Understanding of Zero Trust architecture principles and how they apply across identity, network, and workload security
- Familiarity with PCI-DSS scoped environment security requirements preferred
- Experience operating in regulated industries (Financial Services, Insurance, or Health-Tech)
Experience with or exposure to the following developer runtimes and technologies is a plus, as this role will consult on security posture within environments built on:
- ASP.NET, .NET, Java (JBoss / Hibernate / JMS), gRPC , Redis, SQL Server
Compensation & Benefits
$125,000- $155,000 per year
Similar Jobs at Inspira Financial
Fintech
Responsible for business development in national accounts and middle markets; involves relationship building, managing negotiations, and generating leads.
Top Skills:
Salesforce CRM
Fintech
The Compliance Investigator will investigate and prevent fraudulent activities, maintain documentation, and collaborate with departments on fraud risk management and prevention strategies.
Top Skills:
ExcelMicrosoft OutlookMicrosoft TeamsMicrosoft Word
Fintech
Build and validate predictive models, analyze large structured and unstructured datasets, generate business insights, present analytic results to stakeholders, and develop tools to advance analytics capabilities.
Top Skills:
ExcelMicrosoft WordOutlookSalesforce CRM
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

